From e9aa289fc08c01391c6d83c14be10167db5d6468 Mon Sep 17 00:00:00 2001 From: Geoffrey Bilder Date: Mon, 27 Jan 2020 10:48:22 +0000 Subject: [PATCH 1/6] turn off path protection as it mangles slashes in ror URIs --- app.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app.rb b/app.rb index 0d35915..39532b8 100644 --- a/app.rb +++ b/app.rb @@ -4,8 +4,7 @@ require 'open-uri' set :bind, '0.0.0.0' -set :protection, except: :frame_options - +set :protection, :except=>[:frame_options,:path_traversal] ROR_API = 'https://api.ror.org'.freeze ROR_RECON = 'https://reconcile.ror.org'.freeze MAX_RESULTS = 5 From 05795b175948ea7caf54b3f506ab22bbedc1fa18 Mon Sep 17 00:00:00 2001 From: Geoffrey Bilder Date: Mon, 27 Jan 2020 10:49:44 +0000 Subject: [PATCH 2/6] upgrade rack to deal with low severity security issue --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 6e8adef..d292bac 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source "http://rubygems.org" gem "sinatra" gem "json" -gem "rack" +gem "rack", ">= 1.6.12" gem "rspec" gem "simplecov" gem "sinatra-cross_origin" From cf835b2d5d12a44371dcbeebc238e3edb5a9e785 Mon Sep 17 00:00:00 2001 From: Geoffrey Bilder Date: Mon, 27 Jan 2020 10:50:21 +0000 Subject: [PATCH 3/6] provide sample file to reconcile --- ...ublisher_affiliation_names_with_local_ids.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 example/publisher_affiliation_names_with_local_ids.txt diff --git a/example/publisher_affiliation_names_with_local_ids.txt b/example/publisher_affiliation_names_with_local_ids.txt new file mode 100644 index 0000000..e4c258d --- /dev/null +++ b/example/publisher_affiliation_names_with_local_ids.txt 
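Review bot: The new `set :protection` line in app.rb drops `:path_traversal` for every route, so Rack::Protection no longer resolves `..` segments, decodes `%2f`, or collapses repeated slashes before handlers see the path, and nothing in this hunk compensates for that. The hunk context also shows `require 'open-uri'` and `set :bind, '0.0.0.0'`, so if a handler (not visible here) builds a `ROR_API`/`ROR_RECON` request from a path segment, that segment should first be matched against a pattern anchored with `\A` and `\z` (presumably the ROR id format) and fetched with `URI.parse(url).open` rather than bare `open`. A comment recording the reason would help the next maintainer, e.g. `# path_traversal is off because it collapses the '//' in ROR URIs carried in the path; route handlers must validate ids themselves`. On style, the keyword form the file used before reads better than the unspaced hash rocket: `set :protection, except: %i[frame_options path_traversal]`, and the blank line before `ROR_API` is worth keeping.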
@@ -0,0 +1,16 @@ +publisher_id name +1000001 University of Oxford +1000002 Oxford University +1000003 Welcome Trust +1000004 US Department of Transportation +1000005 National Aeronautics and Space Administration +1000006 National Institutes of Health +1000007 U.S. Department of Transportation +1000008 US Department of Transport +1000009 NASA +1000010 Wellcome Trust +1000011 Sloan Foundation +1000012 National Institute of Health +1000013 All Souls College, University of Oxford +1000014 Oxfnord University +1000015 The Foundation for Psychoceramics From 5a858383322e7e90e62ad6c5dc61a1c0a71bb52a Mon Sep 17 00:00:00 2001 From: Geoffrey Bilder Date: Mon, 27 Jan 2020 10:57:50 +0000 Subject: [PATCH 4/6] forgot to bundle --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f9d90d3..eeba3c5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -34,7 +34,7 @@ GEM json (2.1.0) minitest (5.11.3) public_suffix (3.0.3) - rack (1.6.11) + rack (1.6.12) rack-protection (1.5.5) rack rack-test (1.1.0) @@ -83,7 +83,7 @@ DEPENDENCIES codeclimate-test-reporter (~> 1.0, >= 1.0.8) factory_bot json - rack + rack (>= 1.6.12) rack-test rspec simplecov From 15491167054067add50b44d93b001ca39062df43 Mon Sep 17 00:00:00 2001 From: Geoffrey Bilder Date: Mon, 27 Jan 2020 11:01:19 +0000 Subject: [PATCH 5/6] fix port in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d639a4..6d3d187 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ But if you really want to install and work with the reconciler locally, you can ## test -`curl http://localhost:4567/heartbeat` +`curl http://localhost:9292/heartbeat` You should see something like: From 410a533e209b6ebdb0823ec17fc4cf209ca2065a Mon Sep 17 00:00:00 2001 
From: Geoffrey Bilder Date: Mon, 27 Jan 2020 11:06:53 +0000 Subject: [PATCH 6/6] missing empty .env file --- .env | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..e69de29